grimm-nixos-laptop/modules/letsencrypt.nix

{
  lib,
  config,
  inputs,
  pkgs,
  ...
}:
let
  inherit (config.networking) domain;
  root_email = "contact@${domain}";
in
{
  security.acme = {
    acceptTerms = true;
    defaults.email = root_email;
    certs."${domain}" = {
      webroot = "/var/lib/acme/acme-challenge/";
    };
  };

  users.users.nginx.extraGroups = [ "acme" ];
}
fmt 2024-05-08 21:50:08 +02:00			`{`
			`lib,`
			`config,`
			`inputs,`
			`pkgs,`
			`...`
			`}:`
server config 2024-05-08 21:49:37 +02:00			`let`
			`inherit (config.networking) domain;`
			`root_email = "contact@${domain}";`
fmt 2024-05-08 21:50:08 +02:00			`in`
			`{`
server config 2024-05-08 21:49:37 +02:00			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = root_email;`
			`certs."${domain}" = {`
			`webroot = "/var/lib/acme/acme-challenge/";`
			`};`
			`};`

			`users.users.nginx.extraGroups = [ "acme" ];`
			`}`